Attacks on lone blogger reverberate across Web

Last Updated: Sunday, August 9, 2009 - 11:44

New York: The outage that knocked Twitter offline for hours was traced to an attack on a lone blogger in the former Soviet republic of Georgia — but the collateral damage that left millions around the world tweetless showed just how much havoc an isolated cyberdispute can cause.

"It told us how quickly many people really took Twitter into their hearts," Robert Thompson, director of the Center for the Study of Popular Television at Syracuse University, said Friday.

Tens of millions of people have come to rely on social media to express their innermost thoughts and to keep up with world news and celebrity gossip.

Twitter "is one of those little amusements that infiltrated the mass behavior in some significant ways, so that when it went away, a lot of people really noticed it and missed it."

The attacks Thursday also slowed down Facebook and caused problems for the online diary site LiveJournal. But Twitter, the 140-character-or-less messaging site used by celebrities, businesses and even Iranian protesters, suffered a total outage that lasted several hours.

Those attacks continued Friday from thousands of computers pummeling its servers, said Kazuhiro Gomi, chief technology officer for NTT America Enterprise Hosting Services, which hosts Twitter`s service.

Twitter crashed because of a denial-of-service attack, in which hackers command scores of computers toward a single site at the same time to prevent legitimate traffic from getting through. The attack was targeted at a blogger who goes by "Cyxymu" — Cyrillic spelling of Sukhumi, a city in the breakaway territory of Abkhazia in Georgia — on several websites, including Twitter, Facebook and LiveJournal.

But they could have just as well targeted Twitter itself. That`s because the effects were the same whether the excess traffic went to the "twitter.com" home page or to the page for Cyxymu at "twitter.com/cyxymu." Same with Facebook and LiveJournal.

"A denial of service attack like this one is a very blunt instrument," said Ray Dickenson, chief technology officer at Authentium, a computer security firm. It`s as if a viewer who didn`t like one show on a television channel decided to "knock out the whole station."

Or like fishing with dynamite: You`ll catch something, but the blast will kill dolphins, sharks and other organisms, too.

Just who was behind these attacks is not yet clear, but the dispute was probably related to the ongoing political conflict between Russia and Georgia.

Gomi said the attacking computers were located around the world and the source of the attacks was not known.

The attacks seemed to come in two waves.

The first was a spam campaign consisting of e-mails with links back to posts by Cyxymu. This drove some traffic to the blogger`s postings on various social-networking sites, possibly to disparage him as the source of the spam.

The second and more destructive phase consisted of the denial-of-service attack, which attacked the sites` servers by sending it lots of junk requests — presumably to prevent people from reading his viewpoints.

It would have been much harder for the perpetrators of the attacks to isolate Cyxymu`s accounts on each social-networking site and shut it down. To do that, they would have needed to access his password by guessing it or somehow luring him into giving it out.

The blunt approach was easier — and more damaging.

On Friday, the surge of traffic to Twitter was about as it was Thursday — as much as 20 percent above normal traffic levels. But Gomi said NTT was better able to filter out the fake traffic, which is why Twitter stayed online.

Dickenson said Twitter was more vulnerable than Facebook and other sites because the company`s servers are hosted by a single service provider, something larger websites tend to avoid as they grow.

Although having several providers is no guarantee of avoiding harm, Dickenson said doing so at least gives the sites more tools and space to work with once they occur.

Craig Labovitz, chief scientist for Arbor Networks, a Chelmsford, Mass.-based network security firm, said Twitter`s smaller size also made it more vulnerable.

"Twitter is just apples and oranges compared to Facebook," he said. "Facebook is massive, and they presumably have massive infrastructure backing it."

After the attacks on Twitter started, NTT turned on a technology that protects against denial of service attacks. The problem is it slows down access to the site.

"It`s still under attack," he said. "If we turned that stuff off, the Twitter site could go down immediately, to be quite honest."

According to comScore, Twitter had 20.1 million unique visitors in the United States in June, some 34 times the 593,000 a year earlier. This compares with Facebook`s 77 million this June, more than double the 37.4 million in the prior year.

Bureau Report



First Published: Sunday, August 9, 2009 - 11:44

comments powered by Disqus